Home > Privacy Policy

Privacy Policy

Updated 5 November 2025

 

This website is maintained by VisitCanberra, part of the Chief Minister, Treasury and Economic Development Directorate (CMTEDD) of the ACT Government. 

The privacy information on this page applies to how information is handled on our websites and across other services that we (VisitCanberra) provide. 

The Information Privacy Act 2014 is the law that we, (the Chief Minister, Treasury and Economic Development Directorate or CMTEDD) and all ACT public sector agencies must follow when handling your personal information. 

The Information Privacy Act has a set of 13 principles called the Territory Privacy Principles (TPPs). We must apply the TPPs when we collect, store, use, disclose, provide access to or correct your personal information. 

The Information Privacy Act also requires that we: 

  • have a current and up to date privacy policy that tells you how we will handle personal information when carrying out our functions and activities; and 

  • provide you with a privacy notice that tell you about why we are collecting your personal information and how we might use or disclose it. 

1. What is the role of VisitCanberra? 

Information collected by VisitCanberra is only used for purposes related to its core functions and activities. VisitCanberra's core function is to market the Australian Capital Territory and surrounding region as a travel destination. 

2. What is personal information and health information? 

‘Personal information’ has a meaning given by the Information Privacy Act as: 

“Information or an opinion about an identified individual, or an individual who is reasonably identifiable: whether the information or opinion is true or not; and whether the information or opinion is recorded in a material form or not”. 

Under the Information Privacy Act, personal information does not include ‘personal health information’. Personal health information or health records which we handle are protected and governed by the Health Records (Privacy and Access) Act 1997. 

Personal health information is defined as: 

“any personal information, whether or not recorded in a health record—relating to the health, an illness or a disability of the consumer; or - collected by a health service provider in relation to the health, an illness or a disability of the consumer”. 

3. What information does VisitCanberra collect? 

Analytical and measurement data 

When you visit our websites, our system automatically makes a record of your visit. We use this information for analytical and statistical purposes, to understand how people use our websites so we can improve them. This data is aggregated and does not include personal information. 

 The information collected may include: 

  • your Internet Protocol (IP) address. This is a unique number used to identify computers, phones and other devices over the internet 

  • the type of browser and operating system you use 

  • date and time of your visit 

  • the previous site visit 

  • which pages your device accesses 

  • the time spent on individual pages and the whole site 

  • which files your device downloades 

  • the keywords you use to search the site. 

Personal information 

The types of personal information that we collect will depend on the nature of your dealings with us and may include: 

  • your name 

  • your postal address 

  • your email address 

  • your home country 

  • your home State or Territory (if Australia) 

  • your year of birth 

  • your organisation 

  • information about your interests, preferences, or travel plans 

  • payment information 

  • any information you provide to us in enquiries or through correspondence. 

In addition to the above, we may collect the following information from those participating in a number of our programs such as hosted media or trade familiarisations and our Visiting Creatives Program:  

  • your address 

  • your date of birth 

  • your phone number  

  • your passport number, place of birth, place of issue, and nationality 

  • your relevant visa number and application  

  • your languages spoken 

  • cultural and religious requirements 

  • your emergency contact details including name, email and phone number  

The types of health information that we collect will depend on the nature of your dealings with us and may include: 

  • dietary requirements 

  • allergies 

  • health conditions 

  • weight 

  • accessibility requirements 

  • fears or phobias  

4. How does VisitCanberra collect personal information? 

Our websites don’t automatically collect personal information. Personal information is only collected when you choose to provide it. 

We’ll only ask for personal information if you’re: 

  • sending us an enquiry or feedback 

  • using the online chat service 

  • taking part in a survey or competition 

  • making a booking 

  • volunteering or participating in, or attending one of our events 

  • opting-in to communication or subscription services 

  • ordering assets from our image and video library 

  • participating in one of our programs such as media and trade familiarisation visits and our visiting creatives program 

  • applying for funding under grants programs. 

Your Health Information may be collected when you provide it to us when you: 

  • submit an application form to participate in a familiarisation activity or to attend an event 

In addition, we may collect information about you via: 

Telephone conversations 

The history of the telephone call, including details such as your name, the time, your enquiry and communication with VisitCanberra may be recorded and stored either electronically or via hard copy. 

Information from other sources 

We may use social media platforms and other interactive online forums or platforms through which we promote and provide our services. We may collect your personal information when you interact with us or mention VisitCanberra in public forums while using platforms such as Facebook, Instagram, X (formerly Twitter), TikTok, LinkedIn and YouTube. 

Photography and videography 

We may commission photographers to attend events, familiarisation trips and activations to photograph the event, familiarisation trip or activation and the general environment. This will include images and footage of patrons and participants for the purpose of using them in our promotional or marketing material (including any publication) in the future. 

In some circumstances, images or footage may constitute personal information. The image or footage may be reproduced on our websites or reproduced in communications via hard or soft copy. The terms and conditions of all our activations, familiarisation trips and events include the use of images and footage for these purposes. It should be noted that VisitCanberra is not responsible for any activities of the media or other patrons in relation to the display or communication of any footage or images at any event, familiarisation trip or activation.  

Pixels 

“Pixels” means the use of pixels (1 x 1 pixel images) that allow services to tell companies how many people have visited their site. When you take a certain action on our website, a request is sent to the server to download the tracking pixel attached to the content you’re interacting with. It’s an invisible process to you but the data collected will help us and our sponsors build better digital ad and content experiences for you. All information collected is de-identified, 

Cookies 

This website uses ‘cookies’. Cookies are small text files that a website transfers to a user’s computer or mobile device. Using and processing cookies allows us to enhance your browsing experience, analyse website performance, personalise content, deliver relevant ads and work with partners to improve our marketing efforts. Cookies by themselves do not allow us to see a user’s e-mail address or other personal information. If users submit personal information to us, the information may be linked to data stored in the cookie.  

Our website uses persistent cookies and session cookies: 

  • Persistent cookies remain on your device for the period specified in the cookie. As an example, we use persistent cookies to recognise you each time you visit our website and to remember your preferences. 

  • Session cookies are created when you visit our website and are automatically deleted when you close your browser. As an example, we use these cookies to link your actions during a single session on our website and to make sure that our website performs reliably. 

Some of our approved partners may also set third-party cookies on your device when you visit our website. We and our partners may use third-party cookies to provide more relevant advertising, to understand our users better, to keep our website functioning reliably and to help us deliver our services. 

Our cookies fall into the following categories: 

Essential Cookies (Always On) 

Essential cookies are necessary for the website to function properly and cannot be turned off. These cookies enable core features such as security, network management, and accessibility. They ensure the website performs as expected every time you visit. While they cannot be disabled, they do not store any personal information.    

Examples of use:  

Remembering your cookie consent preferences, ensuring that your cookie choices are applied throughout your browsing experience.  

Other essential cookies are used to store user preferences, enhance website security, and improve page load times. These cookies are required for our website to function and cannot be switched off in our systems. You can set your browser to block or alert you about these cookies, but some parts of our websites may not function properly as a result.   

Measurement Cookies (Always On) 

These cookies allow us to count visits and review key traffic sources so we can measure and improve the performance of our site and cannot be turned off. They do not store directly personally identifiable information but are based on uniquely identifying your browser and internet device.  

Examples of use:  

We use Google Analytics to measure how people use our websites. These platforms gather information about website usage by means of cookies which collect anonymous data. The information gathered is then used to create reports about the use of our websites. Persistent cookies used by Google Analytics includes ‘ga’ and ‘_ga’. For more information about Google Analytics visit: https://marketingplatform.google.com/about/analytics/ and for details of Google’s privacy policy, visit https://policies.google.com/privacy?hl=en   

Advertising Cookies (Optional) 

We use advertising cookies to deliver relevant ads and marketing to you based on your interests and interactions with our website and potentially the websites of our partner organisations. These cookies help us limit the number of times you see an ad, measure the effectiveness of our campaigns, and improve your overall experience. With advertising cookies enabled, we aim to make sure that the ads you see are meaningful and aligned with what matters to you.  

Examples of use:  

We use advertising cookies from vendors including Google and Meta (the company which owns Facebook and Instagram) for the purposes of targeted online advertising. For more information on the vendors identified above including how they place and use cookies, please view their privacy policies at:   

If you want to prevent the use of advertising cookies or adjust your cookie settings, use our cookie consent manager. To remove existing cookies, use your browser options. 

Please note that deleting and blocking cookies may impact your user experience and limit certain functionalities on our website. 

Unsolicited information 

Unsolicited information is personal or sensitive information we receive from third parties, that we did not ask for. For example, misdirected mail, or complaints that do not relate to our functions or activities. If we receive unsolicited information, we are required under the TPPs to decide if we could have collected it lawfully. If we decide that we could not have collected it lawfully, we will either destroy the information or de-identify it. 

5. How will your personal information be stored? 

The Information Privacy Act requires us to take reasonable steps to ensure that the personal information we hold is kept safe, is secure and is protected from misuse, interference or loss and from unauthorised access, use, modification or disclosure. 

This website contains numerous links to other organisations’ web pages. VisitCanberra is not responsible for the information handling practices or privacy policies of those other organisations.  

VisitCanberra stores personal information securely both within and outside the Australian Capital Territory. 

Data stored within the Australian Capital Territory is stored in approved  
enterprise-grade applications. 

For data stored outside the Australian Capital Territory, we use: 

  • MailChimp for email subscriptions 
     
    MailChimp is compliant with the UK and EU GDPR through the Standard Contractual Clauses (SCCs) incorporated into our agreement. You can find details of Mailchimp’s commitment at: Mailchimp and European Data Transfers

  • BookEasy for online bookings 
     
    BookEasy is compliant with the Privacy Act 1998. You can find details of BookEasy’s privacy commitment here

  • PureChat for chat box services 
     
    You can find details of PureChat’s privacy commitment here

  • LookAtMe (Media Equation Pty Ltd) for image and video library services 
     
    You can find details of Media Equation’s privacy commitment here

  • SmartyGrants – for grant application services 
     
    You can find details of SmartyGrants privacy commitments here

6. How long will your personal information be stored? 

Our retention periods for personal information are based on business needs and legal requirements. We retain personal information for as long as is necessary for the processing purpose(s) for which the information was collected, and any other permissible, related purpose. 

When personal information is no longer needed, we either securely destroy it or irreversibly anonymise the data (and we may further retain and use the anonymised information). 

7. How does VisitCanberra use personal information? 

Personal information collected by VisitCanberra is only used for purposes related to its core functions and activities. VisitCanberra’s core function is to market the Australian Capital Territory and surrounding region as a travel destination. 

We may use personal information to contact the individual for direct marketing or market research purposes. 

We may use personal information when providing or facilitating the provision of goods and services, such as making a booking. 

We may use personal information to provide direct communication through email, targeted and retargeted advertising, targeted personalised digital content, social media contacts or other means. We use information on internet usage for the purpose of targeting specific content to users for the purpose of marketing the Australian Capital Territory as a travel destination.  

We may use personal information for statistical purposes. Where information is used for statistical purposes, all information capable of identifying an individual user will be removed. Statistics compiled from personal information may be made public, however no information enabling identification of any individual will be included in such statistical material.  

We use personal information to learn more about people using our websites and social media. We may collect, collate, and analyse this information to better understand and target its users and audience. We may use this information to specifically target messages to users. 

We use personal information to inform itinerary planning for media and trade familiarisations, and event organisation. Health information is important for us to collect to abide by our Workplace Health and Safety requirements when hosting events and familiarisation visits.  

When you opt in to receive communications from us, such as subscribing to our monthly electronic newsletter, we may use your personal information, like your email address, in a secure, one-way coded format (called "hashing") to help us show ads to people who are similar to our existing customers. This is done through advertising platforms like Google and Facebook. 

These platforms use the coded information to find users with similar interests or behaviours, helping us reach new audiences who might be interested in what we offer.  

You can opt out of this kind of advertising at any time by adjusting your ad settings on Google or Facebook, or by unsubscribing from our communication by clicking the Unsubscribe link at the bottom of every email.  

8. Disclosure and sharing of personal information to third parties 

Personal information data may be shared with: 

  • travel industry partners such as accommodation providers, attractions, airlines, online travel agents and booking sites  

  • cooperative marketing partners 

  • partners such as Tourism Australia  

  • information technology and data storage providers 

  • research and statistical analysis providers 

  • publishing houses and marketing/advertising agencies 

  • business partners with whom VisitCanberra has a formal contractual relationship 

  • media partners with whom VisitCanberra has a formal contractual relationship. 

For example, when you make an accommodation booking via our website, we will share the personal information related to that booking with the accommodation provider to facilitate the booking. 

All parties with access to this information will manage it in line with the Information Privacy Act and applicable laws. 

Some of the permitted secondary purposes we may use or disclose your personal information include where: 

  • you would reasonably expect us to use the information for the secondary purpose that is related (or directly related – in the case of sensitive information) to the primary purpose for which the information was collected 

  • the use or disclosure is required or authorised under or by an Australian law, or court order or tribunal 

  • we reasonably believe that the use or disclosure is reasonably necessary for an enforcement body’s enforcement related function or activity (i.e., the intelligence gathering, surveillance, or monitoring of activities), 

  • it is unreasonable or impracticable to obtain your consent, and we reasonably believe that use or disclosure is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety 

  • we have reason to suspect unlawful activity, or misconduct of a serious nature, that relates to our functions, and we reasonably believe that the use or disclosure of the information is necessary for us to take appropriate action 

  • we reasonably believe that the use or disclosure is necessary to help locate a person who has been reported as missing 

  • another permitted exception under the Information Privacy Act applies. 

9. Accessing and correcting your personal information 

You have the right to ask for (access) your personal information that we hold about you. You can ask in person, over the phone, or in writing. If you ask for access, we will take steps to verify your identity before we will disclose your personal information. 

If you have asked another person to access your personal information on your behalf, prior to granting access, we will take steps to verify their identity and confirm they have your consent and authority to receive that information, before disclosing your personal information. 

If your personal information is held by a business unit that provides public access or over-the-counter services, you may be able to ask for access in person. However, we have the right to refuse your request where: 

  • your personal information is not readily accessible, or is contained in a physical file that is stored somewhere else; 

  • the personal information in your record also contains the personal information of other people or third parties; or 

  • another law protects or tells us how the information must be disclosed i.e. secrecy laws or laws which require a fee or form that must be used for disclosure. 

If we cannot give you access in person, you may be asked to: 

  • make a written request; 

  • use or complete an approved form (if one applies including any lawful fee); or 

  • make an FOI request where; 

  • there is third party personal information present, or 

  • if the amount of information is too big for counter staff to process. 

If you request access to your personal information, we must provide you with access (in the way you requested if reasonable) within 30 days. If we refuse to provide access, we must advise you in writing (within 30 days of your request) of the reasons for refusal.  

Reasons for refusal may include where the information is subject to an exemption under the FOI Act, or where disclosure is not permitted under another law. 

There are no review rights if we refuse a request for access. You may instead wish to make a request for access under the FOI Act (which does have review rights) or, make a complaint to the Office of the Australian Information Commissioner (OAIC). 

Further information about our FOI arrangements, including how you can apply for access, can be found on our Freedom of Information website. 

How to request access 

When requesting access, you should ask the relevant CMTEDD business unit or officer who you believe holds your personal information in the first instance. 

You can also make a request for access or correction by contacting the CMTEDD Privacy Contact Officer by: 

Email[email protected] 
MailCMTEDD Privacy Contact Officer Chief Minister, Treasury and Economic Development Directorate 
GPO Box 158 
CANBERRA ACT 2601 


Correction 

You can ask us to correct your personal information we hold if you believe it is: 

  • incorrect; 

  • out-of-date; 

  • incomplete; 

  • irrelevant; or 

  • misleading. 

If you ask us to correct your personal information, we are required to take reasonable steps to do so, if having regard to the purpose for which it was collected, we agree the information is incorrect, out-of-date, incomplete, irrelevant, or misleading. 

We may refuse a request to correct your personal information where we believe another applicable law prevents the correction, or if we do not agree that the information is incorrect, out-of-date, incomplete, irrelevant, or misleading. 

If we refuse to correct your record, and you ask us to make an associated statement (the statement can say why you believe the personal information is incorrect, out-of-date, incomplete, irrelevant, or misleading), we will do so. We are not required to make an associated statement unless you specifically ask us to make one. 

There are no review rights under the Information Privacy Act if we refuse to correct your personal information. You can, however, seek amendment of your personal information under the FOI Act, which does have review rights, or make a complaint to the OAIC. 

10. Making a privacy complaint 

If you want to complain about how we have handled your personal information you can phone us, however, if you phone us we will still ask you, where not unreasonable, to put your complaint in writing, provide us with your name, address and phone number for contact, and enough information about the business unit or person you are making the complaint about. We can assist you to lodge your complaint if you need help. 

We will acknowledge receipt of your complaint within five working days and we will undertake an investigation into your complaint. In general, we aim to have completed our investigation within 21 working days and will endeavour to keep you update regularly throughout the investigation. 

Reporting a privacy data breach 

We take your privacy seriously and will deal promptly with any unauthorised access, use or disclosure of your personal information. 

The Office of the Australian Information Commissioner's (OAIC's) Notifiable Data Breaches Scheme (NDBS) does not apply to CMTEDD or other ACT public sector agencies unless: 

  • the information subject of the breach includes Tax File Numbers (TFN's); or 
  • personal health information or is part of a health record. 

Generally, the NDBS requires agencies to notify individuals whose personal information is involved in a data breach and to notify the OAIC where the breach is likely to result in serious harm to those individuals. 

Although we are not required to notify under the NDBS, it is our policy to voluntarily report any significant privacy data breaches to the OAIC. We will seek the OAIC's advice and assistance where we consider a breach may result in serious harm to affected individuals. This is aligned with the NDBS and is keeping with best privacy practice. 

Complaining to the Information Privacy Commissioner 

You can make a formal privacy complaint to the ACT Information Privacy Commissioner if you do not agree or are not happy with our response to your complaint, or you believe we have breached your privacy. 

The ACT Human Rights Commission (HRC) carries out the functions of the Information Privacy Commissioner and manages complaints against ACT public sector agencies. The HRC will assess your complaint and can decide if our actions are an interference with your privacy. 

Complaints must be in writing and include your name, address and telephone number, and provide details of the subject of your complaint. If you cannot write the complaint down, you can call and HRC can assist you to write the complaint down. The HRC can be contacted via: 

Email[email protected]
MailACT Information Privacy Commissioner
ACT Human Rights Commission
GPO Box 158
CANBERRA ACT 2601 
Online formComplaints advice and form available on the ACT Human Rights Commission website. 
Phone(02) 6205 2222 


If your complaint or alleged breach is upheld by the HRC and a decision is made, we will comply with any determination made by the HRC. 

11. Contacting us 

If you have any comment in relation to any aspect of the collection, use, security of, or access to your personal information please contact us by 

Email[email protected]
MailCMTEDD Privacy Contact Officer Chief Minister, Treasury and Economic Development Directorate 
GPO Box 158
CANBERRA ACT 2601 


Assisted Contact 

If you need assistance when accessing this Privacy Policy, please contact: 

National Relay Service (NRS) 

The NRS is a government initiative that allows people who are deaf, hard of hearing and/or have a speech impairment to make and receive phone calls. 

 You can access the 24-hour relay call numbers using the links below:  

Speak and Listen number: 1300 555 727 

TTY number: 133 677 

SMS relay number: 0423 677 767 

Visit the Australian Department of Communications website for other NRS numbers. 

Choose the ‘Making a call’ option that suits your needs to contact one of the Telephone numbers listed above. 

Translating and Interpreting Service (TIS) 

TIS is an interpreting service provided by the Department of Home Affairs for people who do not speak English and for agencies and businesses that need to communicate with their non-English speaking clients. 

Within Australia: 13 14 50

Outside Australia: +613 9203 4027  

TIS Online is available at: http://tisnational.gov.au/ 

Notification of Changes 

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes, we will revise the "Last Updated" date at the top of this page. If the changes are significant, we will provide a more prominent notice, such as by posting a notice on our website or sending you a direct notification (where appropriate). 

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.